Welcome to the Privacy Policy of Fakeeh Care Group.
- Effective Date: 1/4/2026
- Last Updated: 1/4/2026
1. Introduction & Our Commitment
Fakeeh Care Group ("Fakeeh Care", "we", "us", or "our") is committed to protecting the privacy and personal data of every individual we interact with. This Privacy Policy describes how we collect, use, store, share, and protect your personal information in compliance with the Saudi Personal Data Protection Law (PDPL), the National Cybersecurity Authority (NCA) requirements, and all other applicable regulations.
We believe privacy is a fundamental right. Everything we do with your personal data is guided by the following core principles:
- Lawfulness & Transparency: We only collect and process personal data based on a valid legal basis under the Saudi Personal Data Protection Law (PDPL) and we clearly inform you of the purpose and basis of processing.
- Purpose Limitation: Data is collected for specific, documented purposes and not used for anything else.
- Data Minimization: We collect only what is strictly necessary, nothing more.
- Accuracy: We keep your data accurate and up to date. You can request corrections at any time.
- Security: We apply technical and organizational controls to protect your data from unauthorized access or disclosure.
- Accountability: Our Data Protection Officer (DPO) is responsible for compliance and is available to address your concerns.
2. About Fakeeh Care Group
Fakeeh Care Group is a leading healthcare organization headquartered in the Kingdom of Saudi Arabia, providing a comprehensive range of medical, clinical, and administrative services. We operate hospitals, clinics, and digital health platforms across the Kingdom and beyond.
For the purposes of this policy, Fakeeh Care Group acts as the Data Controller for personal data collected through our services, website, mobile applications, and physical facilities.
3. How We Collect Your Personal Data
We collect personal data through two channels: directly from you, and indirectly or automatically from other sources.
3.1 Data Collected Directly from You
We may collect personal data directly from you when you interact with Fakeeh Care Group through our healthcare services, digital platforms, or communications, including:
- When you register as a patient at our hospitals, clinics, pharmacies, or medical centers
- When you book, reschedule, or cancel appointments
- When you visit our facilities for consultations, treatment, emergency care, diagnostic services, or inpatient admission
- When you complete registration forms, medical history forms, consent forms, or insurance forms
- When you communicate with us in person, by phone, email, SMS, WhatsApp, mobile application, website, or patient portal
- When you submit inquiries, complaints, feedback, or requests through our customer service channels
- When you subscribe to newsletters, health campaigns, wellness programs, or marketing communications
- When you participate in surveys, patient satisfaction assessments, or promotional activities
- When you apply for employment, internships, or professional opportunities with us
- When you provide information for research participation, clinical studies, or healthcare programs
- When you use our website, mobile applications, patient portal, or other digital platforms
- When you provide personal data through wearable devices, remote monitoring tools, or connected health technologies where such services are used with your consent
3.2 Data Collected Automatically/Indirectly
We may also collect personal data about you indirectly from authorized third parties and other legitimate sources, including:
- From your family members, guardians, caregivers, or authorized representatives
- From referring physicians, specialists, hospitals, laboratories, pharmacies, or other healthcare providers
- From government authorities, regulators, and official health platforms where required by law
- From public health authorities for disease reporting, vaccination records, and regulatory compliance
- From employers or corporate clients, limited to administrative, eligibility, or contractual information necessary to provide healthcare services under corporate arrangements, and subject to applicable legal requirements
- From recruitment agencies, professional references, or professional networks, solely for lawful and proportionate recruitment and employment-related purposes
- From business partners, affiliates, and service providers supporting our healthcare operations
- From cookies, analytics tools, and similar technologies used on our digital platforms, subject to our Cookie Notice and applicable consent requirements
- From CCTV systems and access control systems when you visit our premises
- From third parties where you have provided consent or where collection is otherwise permitted by law
- From publicly available sources, only where necessary, lawful, and proportionate for the intended purpose.
3.3 The Collection of Personal Data of Children or Their Equivalents
Where personal data relates to a child (under 18) or a legally incapacitated individual, such data will only be processed with the consent of the legal guardian or where otherwise permitted by applicable law. Fakeeh Care Group may request evidence of guardianship where necessary.
4. What Personal Data We Collect and Use
Depending on the nature of your relationship with Fakeeh Care Group (for example, as a patient, visitor, employee, healthcare professional, researcher, study participant, applicant, or business representative), we may collect and use different categories of personal data, including:
- Personal Identifying Data: We may collect personal data used to identify you and administer our services, including full name; National ID, Iqama, passport number, or other government-issued identifiers; date of birth; gender; and patient number, medical record number, or other internal identifiers.
- Contact and Communication Data: We may collect personal data used to contact you and manage communications, including
- Health and Clinical Data: We may collect personal data necessary to provide healthcare services and manage clinical operations, including medical history, symptoms and diagnoses, clinical notes and treatment records, medication and prescription records, vital signs and physiological measurements, laboratory test requests and laboratory results, radiology and diagnostic imaging results, surgical and procedure records, and visitation and referrals.
- Employment and HR Data: Where you are an employee, contractor, trainee, intern, or applicant, we may collect and use personal data for recruitment and employment administration, including CV / resume, educational background, professional qualifications and licenses, employment history, references and background verification information, visa and work authorization details, training records, emergency contact and dependent information, performance and appraisal records, attendance and shift records, and payroll and benefits information.
- Technical and Digital Usage Data: When you use our websites, applications, portals, or digital services, we may collect and use technical data, including IP address, browser type, device type, operating system, login records, cookies and similar tracking technologies, and website activity and navigation behavior.
- Security and Surveillance Data: We may collect and use personal data for security, safety, and operational monitoring purposes, including CCTV footage, building access records, and visitor logs.
- Communications, Feedback, and Service Interaction Data: We may collect and use personal data when you interact with us for support, service improvement, or communication purposes, including call recordings, customer service interactions, complaints and grievance records, chat and messaging records, and appointment communication records.
5. Lawful Basis for Processing Personal Data
Under the Saudi Personal Data Protection Law (PDPL), Fakeeh Care Group must have a valid legal basis before collecting or processing any personal data. We rely on one or more of the following six lawful bases depending on the type of data and the purpose of processing. Where applicable, we will inform you of the legal basis for processing your personal data.
- Consent: You have given clear, freely given, specific, and informed agreement to process your data for a stated purpose.
- Contractual Necessity: Processing is necessary to fulfill a contract with you, or to take steps at your request before entering one.
- Legal Obligation: Processing is required to comply with a law or regulatory obligation applicable to Fakeeh Care.
- Vital Interests: Processing is necessary to protect the life or physical safety of you or another person where consent cannot be obtained.
- Public Interest: Processing is necessary to carry out a task in the public interest or as part of an official authority.
- Legitimate Interests: Processing is necessary for our legitimate business interests, provided those interests are not overridden by your rights.
5.1 Consent — Your Right to Withdraw
Where we rely on your consent as the lawful basis, you have the right to withdraw that consent at any time. Withdrawing consent does not affect the lawfulness of any processing carried out before the withdrawal.
To withdraw consent, please contact our DPO using the details in Section 15.
5.2 Sensitive Personal Data — Additional Safeguards
Health and medical data are classified as Sensitive Personal Data under the PDPL and attract a higher level of protection. We only process sensitive data where at least one of the following additional conditions is satisfied:
- Explicit consent: You have given specific written or verified digital consent for the processing of your health data.
- Vital medical interest: Processing is necessary to protect your life or that of another person.
- Healthcare provision: Processing is carried out by a healthcare professional subject to a professional duty of confidentiality.
- Legal obligation: Processing is required under Saudi health law, Ministry of Health regulation.
- Public health: Processing is necessary for public health purposes, including disease surveillance, as authorized by law.
- Research: Processing is for medical research, subject to appropriate anonymization and ethical oversight.
Our commitment: We will never use your personal data in a way that is incompatible with the purpose for which it was collected, and we will always ensure a valid lawful basis exists before any processing begins.
6. How We Share Your Personal Data
- Fakeeh Care Group may share your personal data where necessary for legitimate healthcare, operational, administrative, research, legal, or regulatory purposes, and only to the extent necessary and permitted under applicable law.
- Personal data may be shared internally within Fakeeh Care Group entities, facilities, departments, and authorized personnel to support healthcare delivery, treatment, diagnostics, patient support, operational continuity, quality assurance, research governance, and administrative functions. This includes sharing with treating physicians, nurses, consultants, internal laboratories, diagnostic teams, customer service teams, patient support functions, billing and insurance teams, compliance and legal functions, and authorized administrative personnel on a need-to-know basis.
- We may share personal data with trusted third-party service providers and operational support partners who support our services under our instructions and subject to appropriate contractual, confidentiality, and security obligations. This includes service providers supporting customer communication, contact center operations, appointment coordination, and patient support services, system support providers, payment processors, billing administrators, logistics providers, professional advisors, consultants, and other vendors supporting our operational and administrative functions.
- We may share personal data with healthcare providers, medical professionals, and specialist consultants where necessary to support diagnosis, treatment, referrals, second opinions, continuity of care, or specialist medical consultation. This may include sharing with referring physicians, external specialists, hospitals, pharmacies, and healthcare providers involved in your care. Where clinically necessary, medical images, recordings, or consultation videos may also be shared with external medical consultants or specialists for diagnostic review, treatment planning, or specialist consultation. Such sharing is strictly limited to what is necessary for the relevant medical purpose and is carried out subject to appropriate professional confidentiality, clinical necessity, and security safeguards, and only with parties involved in the provision of the data subject’s care.
- We may share personal data with internal and external laboratory and diagnostic service providers where necessary to perform laboratory, pathology, radiology, genetic, or other diagnostic testing. This includes sharing with internal laboratories, external laboratories, and specialized reference laboratories where additional or specialized testing is required to support diagnosis, treatment, research, or clinical decision-making. Where required, certain laboratory tests may be performed by specialized service providers outside the Kingdom of Saudi Arabia, only where necessary, subject to applicable legal requirements, and appropriate data transfer safeguards in accordance with PDPL requirements.
- Where applicable, personal data may be shared for legitimate and approved research, scientific, and clinical study purposes, including with research investigators, study teams, Institutional Review Boards (IRBs), ethics committees, research sponsors, Contract Research Organizations (CROs), academic collaborators, and authorized research partners, subject to applicable legal, ethical, and governance requirements. Where applicable, research-related data will be minimized, coded, pseudonymized, or anonymized and processed in accordance with applicable ethical approvals and legal requirements.
- We may share personal data with insurers, third-party administrators, and corporate healthcare program partners where necessary for eligibility verification, approvals, claims administration, billing, and healthcare administration. Where services are provided under employer or corporate arrangements, such sharing is limited to administrative, eligibility, and contractual information unless otherwise required or permitted by law.
- We may share personal data with government authorities, regulators, public health authorities, courts, law enforcement authorities, and competent bodies where required to comply with applicable laws, healthcare obligations, licensing requirements, public health requirements, regulatory obligations, or lawful requests.
- We may also share personal data with professional advisors, auditors, consultants, legal counsel, and similar professional service providers where necessary to support legal, compliance, audit, risk, governance, or operational matters, subject to appropriate confidentiality and legal obligations.
- Where necessary for specialized healthcare services, diagnostic testing, scientific collaboration, technical support, or operational purposes, personal data may be shared with authorized recipients outside the Kingdom of Saudi Arabia in accordance with applicable legal and regulatory requirements and subject to appropriate safeguards designed to protect personal data.
- We may also share personal data where you have requested or authorized us to do so, where you have provided your consent, or where disclosure is otherwise permitted or required under applicable law.
- Fakeeh Care Group does not sell personal data and shares personal data only where necessary, lawful, proportionate, and subject to appropriate confidentiality, security, and data protection safeguards.
7. Data Storage & Retention
7.1 Where We Store Your Data
Your personal data is stored securely within Fakeeh Care Group facilities located in the Kingdom of Saudi Arabia, and/or with approved cloud service providers operating within compliant data center jurisdictions. All storage solutions are protected by encryption, access controls, and regular security assessments.
7.2 How Long We Keep Your Data
Your Personal Data will be retained only as long as necessary to fulfill the purpose for which it was collected, unless a longer retention period is required to comply with legal obligations or regulatory requirements applicable to Fakeeh. Fakeeh takes all reasonable measures to protect your Personal Data from misuse, loss, unauthorized access, modification, or disclosure. Archiving is conducted in a secure environment following internal best practices and restrictions to safeguard your information. Once no longer needed, your Personal Data is securely destroyed using methods like shredding or degaussing, or anonymized to prevent re-identification of individuals and their data, and all disposal activities are logged.
8. Your Rights as a Data Subject
Under the Saudi Personal Data Protection Law (PDPL), you have the following rights.
- Right to Be Informed: You have the right to know why your data is being collected, the legal basis for it, and how it will be used.
- Right of Access: Request a copy of your personal data held by us. Submit a request.
- Right to Correction: Request correction of inaccurate, incomplete, or outdated data.
- Right to Erasure/Destruction: Request deletion of your data where no longer needed or where consent is withdrawn. Submit a written request, subject to legal retention obligations.
- Right to Withdraw Consent: Withdraw consent at any time without affecting prior lawful processing. Contact our DPO or use the opt-out link in communications.
No fees apply: Exercising any of the above rights is free of charge, except as otherwise stipulated by law. All valid requests will receive a response within 30 business days of receipt.
9. Cookies & Digital Tracking
When you use our website or mobile applications, we may use cookies and similar tracking technologies to improve your experience and understand how our platforms are used.
- Essential Cookies: Required for core functionality
- Analytics Cookies: Understand how visitors use our platforms to improve design
- Preference Cookies: Remember your language, region, and display settings
- Marketing Cookies: Deliver relevant content and services, subject to your consent where required.
You can manage your cookie preferences at any time through the cookie settings banner on our website, or by contacting our DPO.
10. How We Protect Your Data
Fakeeh Care Group applies a robust set of technical and organizational security controls to protect your personal data:
- Encryption: All data at rest and in transit is encrypted to prevent unauthorized access.
- Access Control: We manage all access to data to limit it to authorized personnel.
- NCA Compliance: Systems and practices adhere to National Cybersecurity Authority (NCA) standards.
- Audit review: Regular audits and reviews ensure continued compliance and security.
- Staff Training: All staff complete mandatory data protection training at onboarding and annually thereafter.
- Incident Response: A documented breach response plan is in place. Data breaches are reported to SDAIA within 72 hours as required, and affected individuals are informed when required.
11. Data Breach Notification
In the event of a personal data breach that is likely to affect your rights or interests, Fakeeh Care Group will:
- Notify the Saudi Data and Artificial Intelligence Authority (SDAIA) within 72 hours of becoming aware of the breach
- Inform affected individuals without undue delay, clearly explaining what happened and what steps we have taken
- Implement immediate remediation actions to contain the breach and prevent recurrence
To report a suspected privacy or data breach, please contact our DPO immediately.
12. Complaints & Escalation
12.1 Raise a Complaint with Us
If you believe we have not handled your personal data in accordance with this policy or applicable law, please contact our Data Management Office using the details in Section 15. We will acknowledge your complaint within 3 business days and provide a full response within 30 business days.
12.2 Escalate to the Regulator
If you are not satisfied with our response, you have the right to escalate your complaint to the competent regulatory authority:
Authority: Saudi Data and Artificial Intelligence Authority (SDAIA)
Website: sdaia.gov.sa
13. Policy Updates
We review and update this Privacy Policy at least annually, or whenever there is a material change in our data practices or applicable law. When we make significant changes, we will notify you via WhatsApp or a prominent notice on our website.
Continued use of our services after the effective date of an updated policy constitutes your acknowledgment of the changes.
The current version and changes are available at the start of this policy.
14. Contact Information
For any privacy-related questions, requests, or concerns, please contact us through the following channels:
Email: DPO@fakeeh.care